Interface deactivation for communication between electronic appliances

ABSTRACT

A method for controlling the flow of data in a near field communication appliance having an interposed element and a plurality of secure elements is disclosed. The method includes: receiving a first communication, sent by an external appliance, which is intended for an application located in one of the secure elements; determining whether a first one of the secure elements contains the application; and deactivating an interface from the interposed element to the first secure element if the first secure element does not contain the application. Corresponding systems and appliances for near field communication are also disclosed.

PRIORITY CLAIM

This application claims priority to German Patent Application No. 102012 102 382.4, filed on 21 Mar. 2012, the content of said Germanapplication incorporated herein by reference in its entirety.

TECHNICAL FIELD

The invention relates to communication methods between electronicappliances, and particularly to the control of communication within anappliance which is used for near field communication, specifically inthe 13.56 MHz band, and to appliances with accordingly controlledcommunication.

BACKGROUND

Mobile electronic appliances are increasingly equipped with additionalradio frequency (RF) communication functions. By way of example, thisrelates to mobile telephones, portable media players, smartphones,personal digital assistants (PDAs), handheld games consoles, tabletcomputers, laptop computers, etc. Besides their conventional functions,these appliances will thus be capable of performing additionalcommunication functions. The range of applications for RF communicationfunctions includes, in particular, contactless chip card functions, suchas bookings, payments, purchases and the like, but also simpleterminal-to-terminal communication initiated by the user, for examplefor the exchange of photographs, MP3 songs or business cards. Suchadditional RF communication functions are increasingly being implementedusing what is known as near field communication (NFC) engineering.

NFC engineering is a wireless short range connectivity technique whichallows simple and secure two-way interactions between electronicappliances. This allows consumers to perform contactless transactions,access digital contents and connect electronic appliances orapparatuses. In other words, NFC engineering allows contactless,bidirectional communication between appliances. These elements may bemobile telephones, computers, consumer electronics, cards, tags, signs,posters, washing machines and the like which are equipped with NFC. Anappliance equipped with NFC engineering can basically operate in aread/write, peer-to-peer or card emulation mode.

NFC engineering is standardized as a contactless technique in the 13.56MHz frequency band. The ISO 14443 standard is a basic building block fora large part of the near field operations. NFC engineering is generallycompatible with at least the type A and type B ISO 14443 standards. Thecomponents of an NFC session comprise initiators and targets. Theinitiator is the element which starts and manages the communication andthe interchange of data. The target responds to requests from theinitiator. A feature of NFC engineering is that elements can act eitheras an initiator or as a target. NFC engineering requires a dedicated RFchipset and an antenna to be integrated in the mobile element.

In a known configuration, the ISO 14443 standard is mapped in a mobileterminal onto a contact-based, transparent interface between, by way ofexample, an NFC frontend and a secure element, the secure element beingable to be in the form of a smart card, for example. When physicalproximity between the terminal and a contactless external terminal isset up, for example in order to make an electronic payment, RFcommunication is used to set up communication between the terminal andthe mobile terminal. Based on the ISO 14443 standard, the communicationbetween the wireless terminal and the secure element on which anapplication for handling the payment transaction is hosted is usuallytransparent in this case. This means that the NFC frontend as aninterposed element passes the data stream through between the secureelement (SE) and the external wireless terminal in both communicationdirections almost without alteration. In this case, mere decoding is notregarded as a break in the transparency so long as the transportedinformation is not altered. This transparency is advantageous because,inter alia, it increases the communication speed as a result of absentintermediate steps in the NFC frontend, and also the security of theoverall process.

It is to be expected that commercially available terminals, such asmobile telephones, will each increasingly be equipped with multiplesecure elements, or at least the option of using multiple elements, in aforeseeable time. The reason for this, inter alia, is that there hasbeen no internationally recognized industrial standard to date whichprovides a standard format for a secure element for the different marketplayers in the area of near field communication. By way of example,these include manufacturers of mobile terminals such as mobiletelephones and tablet computers, etc., mobile radio providers, providersof payment systems, etc. The individual players have different channelsand options for bringing the hardware of their payment systems to thecustomer. In the case of a mobile telephone manufacturer, this may be,by way of example, the installation of a complete near fieldcommunication system, including an NFC frontend and a permanentlyinstalled, i.e. soldered, for example, secure element. By contrast, themobile radio provider is usually totally unable, or has only verylimited ability, to influence the hardware of the terminal and willtherefore provide a secure element, for example, in the form of or as acombination with a SIM card, which, as known from conventional mobileradio technology, the end user inserts into his mobile telephone, e.g.instead of his conventional previous SIM card without a secure element.A further option is a secure element in the form of a chip card (smartcard) or SD card, for example, which is inserted into a card slot in theterminal, that is to say in the mobile telephone, handheld computer ortablet computer, for example.

ISO standard 14443 defines the communication between a secure elementand an NFC frontend. One way of providing, by way of example, aplurality of payment systems in a mobile terminal with near fieldcommunication capability, such as a mobile telephone, is to provide therelevant applications associated with the different payment systems onthe same secure element (multi-application secure element). However,this provides only little flexibility insofar as, by way of example, theprovider of a payment system may first need to come to an agreement withthat market player which controls access to the secure element of therelevant terminal, for example a mobile radio provider in the case of aSIM card. Depending on the market structure and competitioncircumstances, this may turn out to be uneconomical, complicated orultimately impossible for the provider of a payment system. Technicalincompatibilities between the relevant applications and certain types ofsecure elements may be a further technical and economic obstacle.

Against this background, there is a need for methods and apparatuseswhich allow different applications for near field communication to beimplemented in a terminal without being reliant on access to aparticular secure element.

SUMMARY

In a first exemplary embodiment, the invention relates to a method forcontrolling the flow of data in a near field communication appliancehaving a plurality of secure elements. The method comprises: receiving afirst communication, sent by an external appliance, which is intendedfor an application located in one of the secure elements; determiningwhether a first one of the secure elements contains the application; anddeactivating an interface from the interposed element to the firstsecure element if the first secure element does not contain theapplication.

In a further exemplary embodiment, the invention relates to a near fieldcommunication system that includes a near field communication appliancecomprising a plurality of secure elements and an interposed elementconnected to the secure elements. The near field communication applianceis operable to receive a first communication, sent by an externalappliance, which is intended for an application located in one of thesecure elements. The near field communication appliance is also operableto determine whether a first one of the secure elements contains theaddressed application, and deactivate an interface from the interposedelement to the first secure element if the first secure element does notcontain the addressed application.

In a further exemplary embodiment, the invention relates to a method forcontrolling the flow of data in a near field communication appliancehaving an interposed element and a plurality of secure elements. Themethod comprises: receiving a first communication, sent by an externalappliance, which is intended for an application located in one of thesecure elements; determining which one of the secure elements containsthe application; and ensuring that further communication takes placeexclusively between the external appliance and the secure element whichcontains the application.

Those skilled in the art will recognize additional features andadvantages upon reading the following detailed description, and uponviewing the accompanying drawings.

BRIEF DESCRIPTION OF THE DRAWINGS

The components in the figures are not necessarily to scale, emphasisinstead being placed upon illustrating the principles of the invention.Moreover, in the figures, like reference numerals designatecorresponding parts. In the drawings:

FIG. 1 shows a schematic illustration of a near field communicationappliance incorporated in a terminal, based on exemplary embodiments ofthe invention;

FIG. 2 schematically shows a method based on exemplary embodiments ofthe invention;

FIG. 3 schematically shows another method based on exemplary embodimentsof the invention;

FIG. 4 shows a timing diagram based on exemplary embodiments;

FIG. 5 shows a terminal based on exemplary embodiments; and

FIG. 6 shows a further method based on exemplary embodiments.

DETAILED DESCRIPTION

The text below describes various embodiments of the invention, some ofwhich are also illustrated by way of example in the figures. In thedescription of the figures which follows, identical reference symbolsrelate to components which are the same or similar. In general, onlydifferences between various embodiments are described. In this context,features which are described as part of one embodiment can also readilybe combined in connection with other embodiments in order to produce yetfurther embodiments.

Exemplary embodiments relate to a method for controlling thecommunication in an NFC terminal which comprises an NFC frontend and atleast two secure elements. In this case, the assurance is provided thata communication arriving from an external appliance, for example acontactless terminal, is answered as far as possible without or with asmall time offset by precisely that secure element from the plurality ofsecure elements present which has the application suited to orassociated with the incoming communication. It is thus possible toaddress an application in one of a plurality of secure elementsregardless of whether one or more secure elements are connected.

This selection or assurance of precisely targeted communication can bemade in different ways based on exemplary embodiments. In this case,typically the standard transparency of the communication between theexternal appliance (that is to say a contactless NFC terminal, forexample) and the NFC frontend (the interposed element) with a secureelement can be interrupted at least for a short time, during which adecision or switch is made for the secure element which contains theapplication suited to the incoming communication and which can thereforebe stipulated as the actual terminal point for the communication in thenear field communication appliance. At the same time, the methods andappliances described in exemplary embodiments can usually be used toensure that in this case the break in the transparency cannot bedetected by the external appliance, that is to say that the course ofthe communication outwardly appears as if it were completely andconsistently transparent.

The term “transparency” or “transparent connection” used herein isdefined as follows. Based on exemplary embodiments, an interposedelement, which is an NFC frontend in one implementation, for example, isa bridge between an external NFC terminal and the secure elementsincorporated in the NFC appliance according to the invention or else ahost component. Transparency is thus intended to be understood to meanthat the NFC frontend merely performs the conversion of the RFinformation (that is to say in the 13.56 MHz band, for example) intodigital information. In this case, the data stream coded in the RFcommunication (e.g. based on the ISO 14443 standard) or the bit sequencethat is coded in is merely converted from the RF signal by the NFCfrontend, that is to say by means of analog-to-digital conversion. Theresulting bit sequence is then forwarded to the transparently linkedsecure element without further alteration or significant delay. This iswhat is intended to be understood by “transparency” or “transparentconnection of interposed element and secure element” within the contextof this specification.

An example of a break in the transparency is when the decoded bit streamis buffer-stored or buffered in the interposed element for a defined,significant period of time, for example, that is to say is essentiallynot forwarded in real time. In this case, one of the conditionssurrounding whether or not the connection between the interposed elementand a secure element can be regarded as transparent can be definedherein as follows. When the period of time for the delay between thereception of a first, RF-modulated bit by the interposed element and theforwarding of the bit is longer than the period of time which isrequired for calculation based on the input bit rate for thetransmission of a byte, the connection can no longer be regarded astransparent by definition. In other words, transparency is meant toinvolve the “residence time” of a bit in the interposed element beingshorter than or no more than equal to a period of time which isequivalent based on the input data rate for transmitting a byte. In thiscontext, significant changes in the bit sequence, for example as aresult of a change in the coding method owing to decoding and subsequentrecoding, are also deemed a break in the transparency. Short, systematictime delays, for example as a result of an interposed shift register inthe digital path, should not be considered to be a break in thetransparency, on the other hand. In principle, a break in thetransparency is indicated by all bit-oriented operations on the decodeddata stream which go beyond the above.

The concept described above, of linking the incoming communication tothe suitable secure element transparently toward the outside, with thetransparency of the communication being able to be broken internally, isachieved in multiple variants based on proposed exemplary embodiments.In this context, the expression “deactivation of an interface” usedherein does not necessarily mean that this interface needs to bedisconnected or deactivated completely. By way of example, it maysuffice for a status of the interface to be set to “off” or “inactive”by a control unit, such as the interposed element. Appropriate methodsand definitions are well known to a person skilled in the art.

Based on exemplary embodiments, an interface between a first secureelement and an NFC frontend is interrupted or deactivated when theapplication addressed by the external communication is not located orhosted on the first secure element. In the case of a contact-basedinterface between an NFC frontend and a secure element, which interfaceimplements the contactless protocol based on ISO 14443 2/3/4, this mayinvolve the following. Initially, the communication between the externalterminal and the first secure element is transparent as standard, whichmeans that all data coming from the RF interface of the NFC frontend arerouted directly to the secure element and vice-versa, and in theoutgoing case are sent on from there to the external terminal. Followingreception of the “select application identifier” command, the NFCfrontend—which to this end interrupts the transparentcommunication—detects and identifies whether or not the applicationaddressed by the incoming external communication is hosted on the activefirst secure element. If this is not the case, the NFC frontendinterrupts the connection via the interface or deactivates the interfaceto this secure element before the secure element can respond to therequest. The frontend then undertakes the communication and/or transfersit to another secure element or another application host.

The methods cited above can also be combined with further methods forpower management which are described below. In this context, an NFCfrontend typically controls the operating state of the connected secureelements, which means that typically only the secure elements with whichcommunication is taking place or imminent are in a switched on state ina type of time slot method.

FIG. 1 shows an apparatus based on exemplary embodiments. A terminal 100with an NFC capability comprises an NFC appliance (near fieldcommunication appliance) 25 which has an NFC frontend 10 (also:contactless frontend, CLF, or NFC modem). This is an interposed element,as a bridge or hub, in the communication between an external NFCterminal/reader 5 and a plurality of secure elements 40, 42, at leastone of which has or hosts an application. Each of the secure elements40, 42 has a coding/decoding unit 41, 43 and is connected to the NFCfrontend by means of wired interfaces 50, 52.

Based on exemplary embodiments, the NFC frontend 10 with its analog RFinterface 15 and an encoder/decoder unit 20 together with the secureelements 40, 42 and a host component 30 is part of a terminal 100 withNFC capability (shown only schematically in FIG. 1, in this regard seealso FIG. 5). The secure elements 40, 42 typically each comprise anencoder/decoder unit 41, 43. The terminal 100 may be based on amultiplicity of mobile or fixed terminals, as listed at the outset. Byway of example, these include mobile telephones, portable media players,smartphones, personal digital assistants (PDAs), handheld gamesconsoles, tablet computers, laptop computers, consumer electronics,cards, tags, signs, posters or household appliances. In this context,the host component 30 is representative and a simplified version of allof the electronics hardware and software which the terminals 100 containbesides the NFC-related part. FIG. 1 also shows an external terminal 5or contactless reader which can make contact with the near fieldcommunication appliance based on embodiments via respective RF antennas7, 8.

FIG. 2 schematically shows the processes based on the method 200according to exemplary embodiments which takes place in an appliance inFIG. 1. As standard, the RF interface 15 (see FIG. 1) workstransparently in an initial block 220, with forwarding of externallyincoming communication to a particular secure element 40, 42. In orderto determine the application suited to an incoming first communicationin one of the secure elements 40, 42, the request (“select AID”) comingfrom an external appliance 5 is buffered or buffer-stored in the NFCfrontend 10 (block 240), and a test is performed to determine whetherthe application suited to the AID command is contained in the currentlyor initially connected secure element 40, 42. If this test is positive,this first secure element 40, 42 continues to process the external query(block 280). However, if the NFC frontend 10 establishes that theapplication suited to the first communication coming from the outside isnot located on the currently connected secure element 40, 42, the NFCfrontend 10 deactivates the interface 50, 52 to this secure element 40,42 no later than after the time period T_(interface) _(—) _(off) (block300). This prevents a negative response (typically “not acknowledged”)from being routed from the first secure element 40 42, which does notcontain the addressed application, to the RF interface 15, and hence onto the external NFC appliance 5. Following the deactivation of theinterface, the NFC frontend 10 identifies the correct secure element 40,42 (block 320) which contains the application addressed by thebuffer-stored AID command, and forwards the AID command to that secureelement 40, 42 (block 340).

FIG. 3 shows a method 400 for controlling the flow of data in a nearfield communication appliance 25 having an interposed element 10 and aplurality of secure elements 40, 42 connected to the interposed element10 based on exemplary embodiments. The method comprises receiving afirst communication, sent by an external appliance 5, which is intendedfor an application that is located in one of a plurality of secureelements 40, 42 of the near field communication appliance 25 (block420). The method further comprises determining whether a first secureelement 40, 42 contains the addressed application (block 440), anddeactivating an interface 50, 52 from the interposed element 10 to thefirst secure element 40, 42 if the first secure element 40, 42 does notcontain the addressed application (a block 460).

A timing overview for a method based on exemplary embodiments is shownin FIG. 4. In the RF field, that is to say at the RF end of theinterposed element, a request (“Request”) is routed to a transparentlyconnected secure element in a transparent manner or by a transparentinterface as “Interface Data”. If the secure element understands therequest, but does not contain the application addressed in the request,a portion of the interface is switched off (“Interface Enable” set tozero), and hence the transparency is broken. A “Not acknowledged”response from this secure element is therefore rejected and not routedto the external appliance.

Based on exemplary embodiments, ISO 14443 layer 3 (the applicationlayer) is handled by the secure element 40, 42. This requires at leastone secure element 40, 42 to collect all the information about the layer3 level from all of the secure elements 40, 42 present (in the examplein FIG. 1, from itself, another and possibly one in the host component30) before the RF communication with the external NFC appliance/terminal5 begins. In this case, the NFC frontend 10 monitors/observes allexternally arriving data in parallel or more or less simultaneously. Ifthe NFC frontend 10 detects or identifies the “Select AID” command, itverifies whether a secure element 40, 42 is hosting the addressedapplication. If this check shows a positive result, the interface 50, 52to the secure element 40, 42 in question continues to be active. If thecheck shows a negative result, the interface 50, 52 to the secureelement 40, 42 in question is deactivated before the previously testedsecure element 40, 42 can send a negative response (“not acknowledged”).

In one variant, ISO 14443 layer 3 is handled by the NFC frontend 10 inthis case. The two (in this nonlimiting example) secure elements 40, 42are in this case initially set to the mode of the application layer.This can be accomplished either by virtue of layer 3 commands being sentby the NFC frontend 10 before the beginning of the RF communication withthe external terminal 5, or by virtue of fundamental configuration ofthe secure elements 40, 42 in a manner such that the secure elements 40,42 automatically start at the level of the application layer. Before the“Select AID” command, the NFC frontend 10 activates the interface 50, 52to a secure element 40, 42. The NFC frontend 10 then verifies whetherthis secure element 40, 42 is hosting the addressed application. If so,this secure element 40, 42 continues executing the relevant application.If the secure element 40, 42 does not contain the application, the NFCfrontend 10 deactivates the interface 50, 52 to this secure element 40,42, and the communication is passed to another secure element 40, 42.Finally, successful identification of the secure element 40, 42 with theaddressed application is followed by the communication being switched tothe transparent mode again by means of the interfaces 50, 52.

In exemplary embodiments, the above methods and appliances may also becombined with methods for power management. This means that a centralunit, in this case typically the NFC frontend 10, to which otherappliances are connected, can be switched on and off or put into an idlestate in a targeted manner in order to control whether communicationwith these appliances is at all possible at a particular time. Thisconsequently affords an elegant solution for an NFC frontend tosimultaneously control communication and lower power consumption.Switching on in a time slot method thus makes it possible to ensure thatonly the secure element(s) which is/are currently required is/are everswitched on, consuming current and able to communicate.

Since the induced current is limited, care should be taken to ensurethat only the absolutely necessary number of elements is active. Basedon timeout times, which may be different for different commands, thecorresponding secure element can be made to change its powerconsumption. The NFC frontend needs to take into account the timeouttime in this case before a further secure element is activated. The NFCfrontend can also cut off the power supply for particular secureelements after particular timeouts for example if this secure element isnot required for a foreseeable time.

FIG. 5 shows a mobile terminal 100, in this case a smartphone, with anear field communication appliance or system 25 according to ISO 14443based on exemplary embodiments. In embodiments, the mobile terminal 100may be, inter alia, a portable media player, a smartphone, a personaldigital assistant (PDA), a handheld games console, a tablet computer, asmart card, a personal computer, particularly a laptop, or another ofthe terminals mentioned in this specification.

FIG. 6 shows a method 500 based on exemplary embodiments for controllingthe flow of data in a near field communication appliance having aninterposed element and a plurality of secure elements. The method 500comprises receiving a first communication, sent by an externalappliance, which is intended for an application located in one of thesecure elements (block 520), and determining which of the secureelements contains the application (in block 540). The method furthercomprises taking measures to ensure that a further communication takesplace exclusively between the external appliance and the secure elementwhich contains the addressed application (in block 560).

A person skilled in the art will readily understand that not only canthe method based on embodiments that is described here be performed inthe variants described in detail, it can also, in principle, be used fora multiplicity of applications. In particular, it is suitable forelectronic appliances implemented on the basis of a standard which areintended to have the standard data communication between appliances orelements speeded up.

Terms such as “first”, “second”, and the like, are used to describevarious elements, regions, sections, etc. and are not intended to belimiting. Like terms refer to like elements throughout the description.

As used herein, the terms “having”, “containing”, “including”,“comprising” and the like are open-ended terms that indicate thepresence of stated elements or features, but do not preclude additionalelements or features. The articles “a”, “an” and “the” are intended toinclude the plural as well as the singular, unless the context clearlyindicates otherwise.

With the above range of variations and applications in mind, it shouldbe understood that the present invention is not limited by the foregoingdescription, nor is it limited by the accompanying drawings. Instead,the present invention is limited only by the following claims and theirlegal equivalents.

What is claimed is:
 1. A method for controlling the flow of data in anear field communication appliance having an interposed element and aplurality of secure elements connected to the interposed element, themethod comprising: receiving a first communication, sent by an externalappliance, which is intended for an application located in one of thesecure elements; determining whether a first one of the secure elementscontains the application; and deactivating an interface from theinterposed element to the first secure element if the first secureelement does not contain the application.
 2. The method of claim 1,wherein the first secure element begins communication with the externalappliance if the first secure element contains the application.
 3. Themethod of claim 1, wherein the interposed element determines whether thefirst secure element contains the application, and wherein theinterposed element forwards the first communication to a second one ofthe secure elements if the first secure element does not contain theapplication.
 4. The method of claim 1, wherein the interposed elementdeactivates the interface no later than after a defined time tInterfaceoff if the first secure element does not contain the application.
 5. Themethod of claim 1, further comprising buffer-storing the firstcommunication in the interposed element.
 6. The method of claim 1,further comprising beginning a transparent communication between theexternal appliance and the secure element which contains theapplication.
 7. The method of claim 1, wherein the external appliance isan NFC reader and the near field communication appliance is a mobileterminal with an NFC function.
 8. The method of claim 1, wherein theinterposed element is an NFC frontend.
 9. The method of claim 1, furthercomprising measuring in order to prevent data collisions between thesecure elements by using targeted power management.
 10. The method ofclaim 1, wherein the communication between the external appliance andthe near field communication appliance is based on ISO
 14443. 11. Themethod of claim 10, wherein information at a level of ISO 14443 layer 3is handled by one of the secure elements or by the interposed element.12. A near field communication system, comprising: a near fieldcommunication appliance, comprising: a plurality of secure elements; andan interposed element connected to the secure elements, wherein the nearfield communication appliance is operable to: receive a firstcommunication, sent by an external appliance, which is intended for anapplication located in one of the secure elements; determine whether afirst one of the secure elements contains the application; anddeactivate an interface from the interposed element to the first secureelement if the first secure element does not contain the application.13. The near field communication system of claim 12, wherein the firstsecure element is operable to begin communication with the externalappliance if the first secure element contains the application.
 14. Thenear field communication system of claim 12, wherein the interposedelement is operable to determine whether the first secure elementcontains the application and forward the first communication to a secondone of the secure elements if the first secure element does not containthe application.
 15. The near field communication system of claim 12,wherein the interposed element is operable to deactivate the interfaceno later than after a defined time t_(Interface) _(—) _(off) if thefirst secure element does not contain the application.
 16. The nearfield communication system of claim 12, wherein the near fieldcommunication appliance is further operable to buffer-store the firstcommunication in the interposed element.
 17. The near fieldcommunication system of claim 12, wherein the near field communicationappliance is further operable to begin a transparent communicationbetween the external appliance and the secure element which contains theapplication.
 18. The near field communication system of claim 12,wherein the external appliance is an NFC reader and the near fieldcommunication appliance is a mobile terminal with an NFC function. 19.The near field communication system of claim 12, wherein the near fieldcommunication system is a mobile terminal.